With the GDPR on the horizon, the EU is now overhauling and expanding the reach of the more specific privacy rules which relate to direct marketing, cookies and other forms of online monitoring. The ability of social media and messaging services to track users is one of many areas touched on in the European Commission's newly proposed ePrivacy Regulation, which was officially unveiled last week. We highlight some key impacts for the tech and media sectors, provided the proposed draft passes through the legislative process without dramatic changes. Businesses should incorporate these new requirements into their GDPR readiness planning. Why are the rules being updated?
In all the excitement last week over the European Parliament's approval of the General Data Protection Regulation (GDPR) and the US Privacy Shield, you may have missed that the European Commission published a consultation on Monday 11 April regarding the ePrivacy Directive. Don't worry though, here is what you need to know: What is the purpose of the consultation? The consultation forms part of the Commission's Digital Single Market (DSM) Strategy and is necessary given that the GDPR, once adopted, will impact the e-Privacy Directive which sets out some additional and specific rules regarding the processing of personal data in the electronic communications sector. Infamously, the e-Privacy Directive contains the almost uniformly derided cookie consent requirement, so many people are likely to want to input. It also contains rules on breach notification, consents for marketing by electronic means and use of traffic and location data. The Commission … Continue Reading ››
Datonomy can empathise with anyone tasked with making their organisation's website compliant with the cookie consent rules. Here we share our own experiences, review the latest guidance from the ICO and take a look at some of the compliance mechanisms appearing on other UK websites. Stop press – revised guidance from the ICO on implied consent The ICO marked the end of its year long enforcement amnesty by refreshing its guidance. On 25 May it launched:
- a helpful 11 minute video of Dave Evans, Group Manager at the ICO, setting out the Commissioner's enforcement stance and guidance for businesses yet to make a start on compliance;
- version 3 of its compliance guidance for website owners; and
- advice for the public on controlling cookies.
At a recent roundtable event hosted by Olswang LLP, Datonomy heard a range of perspectives on the new cookie consent requirements. Readers can find useful resources from the event via the right menu below (scroll down to "Cookie resources") including the headline comments from our panel of speakers. Over 30 in house counsel from a range of consumer facing businesses – all getting to grips with compliance with the UK's new rules – attended the breakfast seminar. Recognising that the legal world is now sick of cookie puns, croissants were on the breakfast menu instead. The UK regulatory perspective was provided by Dave Evans, Group Manager at the Information Commissioner's Office. The clear message to UK website owners, echoing the ICO's recent guidance, is that doing nothing and hoping a browser-based consent solution will come to the rescue is simply not an option. Businesses should be analysing the cookies on their websites, informing … Continue Reading ››
As promised in my post earlier today, here is a summary of the UK Government's latest announcement on transposition of the new cookie rules. Much of it confirms what we already knew, although there are a few new crumbs of information for those tracking the issue closely. In short: users of behavioural advertising are being encouraged to abide by the "sprit of the revised Directive" until browser-based technical solutions are developed by industry, and guidance from the ICO is promised in time for the transposition deadline of 25 May; enforcement actions are not expected in the short term. See below for a more detailed analysis. What's new? (and what isn't?) The latest twist in the long running cookie saga is the publication today (15 April) by the DCMS of its 87 page response document "Implementing the revised EU Electronic Communications Framework". In relation to cookies (see pages 71 to 76) some … Continue Reading ››
Austria is not the only EU Member State in trouble with the European Commission. Following last week's post by Datonomy's Austrian correspondent, the UK Government has responded to the Commission's recent censure by publishing proposals to tighten up rules on the interception of Internet and email communications. At the end of September, the European Commission referred the UK to the ECJ over failure to fully implement EU rules on the confidentiality of Internet and email communications (see the 7 October post by Gemma) and this week the Home Office published its proposals for closing the relevant loopholes in the UK statute book. Regular readers of Datonomy will recall that this debacle dates back to early 2009 and was triggered by concerns about the privacy issues raised by the online behavioural advertising service Phorm. To recap, the Commission identified a mismatch between certain requirements of the ePrivacy Directive and the UK's … Continue Reading ››